package com.neusoft.bizcore.web.filter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.apache.commons.text.StringEscapeUtils;

import lombok.extern.slf4j.Slf4j;

/**
 * description
 *
 * @author sunchf
 * @date 2018年12月7日 上午9:07:27
 */
@Deprecated
@Slf4j
public class XSSRequestWrapper extends HttpServletRequestWrapper {

    public XSSRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    @Override
    public String[] getParameterValues(String parameter) {
        final String[] values = super.getParameterValues(parameter);
        if (values == null) {
            return null;
        }
        final int count = values.length;
        final String[] encodedValues = new String[count];
        for (int i = 0; i < count; i++) {
            encodedValues[i] = this.dealString(values[i]);
        }
        return encodedValues;
    }

    @Override
    public String getParameter(String parameter) {
        final String value = super.getParameter(parameter);
        return this.dealString(value);
    }

    private String dealString(String value) {
        if (XSSRequestWrapper.log.isDebugEnabled()) {
            XSSRequestWrapper.log.debug("the value before escape: {}", value);
        }
        if (value != null) {
            StringEscapeUtils.escapeHtml4(value);
            StringEscapeUtils.escapeEcmaScript(value);
        }
        if (XSSRequestWrapper.log.isDebugEnabled()) {
            XSSRequestWrapper.log.debug("the value after escape: {}", value);
        }
        return value;
    }

}
